public inbox for binutils@sourceware.org
* PR27836, readelf -w pointer comparison UB
@ 2021-05-12 12:05 Alan Modra
From: Alan Modra @ 2021-05-12 12:05 UTC
  To: binutils

	PR 27836
	* dwarf.c (display_debug_frames): Don't compare pointers derived
	from user input.  Test offset against bounds instead.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 896035ccde2..51c0afc275e 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -8810,16 +8810,18 @@ display_debug_frames (struct dwarf_section *section,
 	{
 	  unsigned char *look_for;
 	  unsigned long segment_selector;
+	  dwarf_vma cie_off;
 
+	  cie_off = cie_id;
 	  if (is_eh)
 	    {
 	      dwarf_vma sign = (dwarf_vma) 1 << (offset_size * 8 - 1);
-	      look_for = start - 4 - ((cie_id ^ sign) - sign);
+	      cie_off = (cie_off ^ sign) - sign;
+	      cie_off = start - 4 - section_start - cie_off;
 	    }
-	  else
-	    look_for = section_start + cie_id;
 
-	  if (look_for <= saved_start)
+	  look_for = section_start + cie_off;
+	  if (cie_off <= (dwarf_vma) (saved_start - section_start))
 	    {
 	      for (cie = chunks; cie ; cie = cie->next)
 		if (cie->chunk_start == look_for)
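
Review bot: the new `look_for = section_start + cie_off;` is still evaluated before the `cie_off <= (dwarf_vma) (saved_start - section_start)` test, so for a file-supplied offset outside the section the addition itself forms an out-of-range pointer, which is undefined in C even if the result is never compared or dereferenced. Consider assigning look_for only after cie_off has been validated, inside the guarded block for this branch, and make sure any other path that uses look_for first checks cie_off against the section size (that path is not visible in this hunk). In the is_eh case, `start - 4 - section_start - cie_off` relies on unsigned wraparound in dwarf_vma to turn a backward offset that reaches before section_start into a huge value that fails the bounds test; a one-line comment saying so would keep a later cleanup from "fixing" it into a signed computation.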

-- 
Alan Modra
Australia Development Lab, IBM
